CNNVD-202512-649 Information

CNNVD ID

CNNVD-202512-649

CVE-2025-66554

  • CNNVD Published: 2025-12-05

Description (Chinese)

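Nextcloud is an open-source, self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. Nextcloud versions before 5.5.4, before 6.0.6 and before 7.2.5 contain a cross-site scripting vulnerability. It stems from malicious users being able to modify the organization and title fields to load CSS files, which may lead to CSS injection.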

Description (English)

Nextcloud is an open-source, self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. Nextcloud versions before 5.5.4, before 6.0.6 and before 7.2.5 have a cross-site scripting vulnerability, which results from the ability of malicious users to modify the organization and title fields to load CSS files, which may result in CSS injection.

Hazard Level

Critical

Vulnerability Type

Cross-site scripting

Affected Vendor

Nextcloud

Published

2025-12-05

Last Modified

2026-02-24

References

  • https://github.com/nextcloud/contacts/commit/d954d098978dde1f121600e8b994e02f293c68b1
  • https://github.com/nextcloud/contacts/pull/4619
  • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v78-cpfc-v6h2
  • https://hackerone.com/reports/3293290

Patch

https://apps.nextcloud.com/apps/contacts
